Connect PAYG instance
In the three major public cloud providers (AWS, GCP and Azure), SUSE:
-
provides customized PAYG product images for SLES, SLES for SAP, etc.
-
operates per-region RMT Servers mirroring repositories for products available as PAYG
This document describes how to connect existing PAYG instance to SUSE Manager server, and gives basic information about credentials collection from the instance. The goal of this connection is to extract authentication data so the SUSE Manager Server can connect to a cloud RMT host. Then the SUSE Manager Server has access to products on the RMT host that are not already available with the SUSE Customer Center organization credentials.
Before using PAYG feature make sure that:
-
The PAYG instance is launched from the correct SUSE product image (for example, SLES, SLES for SAP, or SLE HPC) to allow access to the desired repositories
-
SUSE Manager Server has connectivity to the PAYG instance (ideally in the same region) either directly or via a bastion
-
A basic SUSE Customer Center account is required. Enter your valid SUSE Customer Center credentials in
. This account is required for accessing the SUSE Manager client tools for boostrapping regardless of PAYG instances. -
If you bootstrap the PAYG instance to SUSE Manager, SUSE Manager will disable its PAYG repositories then add repositories from where it mirrored the data from the RMT server. The final result will be PAYG instances acquiring the same repositories from the RMT servers but through the SUSE Manager server itself. Of course repositories can still be setup primarily from SCC.
1. Connecting PAYG instance
-
In the SUSE Manager Web UI, navigate to
, and click Add PAYG. -
Start with the page section
PAYG connection Description
. -
In the
Description
field, add the description. -
Move to the page section
Instance SSH connection data
. -
In the
Host
field, enter the instance DNS or IP address to connect from SUSE Manager. -
In the
SSH Port
field, enter the port number or use default value 22. -
In the
User
field, enter the username as specified in the cloud. -
In the
Password
field, enter the password. -
In the
SSH Private Key
field, enter the instance key. -
In the
SSH Private Key Passphrase
field, enter the key passphrase.
Authentication keys must always be in PEM format. |
If you are not connecting directly to the instance, but via SSH bastion, proceed with Procedure: Adding SSH bastion connection data.
Otherwise, continue with Procedure: Finishing PAYG connecting.
-
Navigate to the page section
Bastion SSH connection data
. -
In the
Host
field, enter the bastion hostname. -
In the
SSH Port
field, enter the bastion port number. -
In the
User
field, enter the bastion username. -
In the
Password
field, enter the bastion password. -
In the
SSH Private Key
field, enter the bastion key. -
In the
SSH Private Key Passphrase
field, enter the bastion key passphrase.
Complete the setup process with with Procedure: Finishing PAYG connecting.
-
To complete adding new PAYG connection data, click Create.
-
Return to PAYG connection data
Details
page. The updated connection status is displayed on the top section namedInformation
. -
Connection status is shown in
Admin > Setup Wizard > Pay-as-you-go
screen too. -
If the authentication data for the instance are correct, the column
Status
shows "Credentials successfully updated."
If the invalid data are entered at any point, the newly created instance is shown in |
As soon as the authentication data is available on the server, the list of available products is updated.
Available products are all versions of the same product family and architecture as the one installed in the PAYG instance.
For example, if the instance has the SUSE Linux Enterprise Server 15 SP1 product installed, SUSE Linux Enterprise Server 15 SP2, SUSE Linux Enterprise Server 15 SP3, SUSE Linux Enterprise Server 15 SP4 and SUSE Linux Enterprise Server 15 SP5 are automatically shown in Admin > Setup Wizard > Products
.
Once the products are shown as available, the user can add a product to SUSE Manager by selecting the checkbox next to the product name and clicking Add product.
After the success message you can verify the newly added channels in the Web UI, by navigating to Software > Channel List > All
.
To monitor the syncing progress of each channel, check the log files in the /var/log/rhn/reposync
directory on the SUSE Manager Server.
If a product is provided by both the PAYG instance and one of the SUSE Customer Center subscriptions, it will appear only once in the products list. When the channels belonging to that product are synced, the data might still come from the SCC subscription, and not from the Pay-As-You-Go instance. |
1.1. Deleting the instance connection data
The following procedure describes how to delete SSH connection data of the instance.
-
Open
Admin > Setup Wizard > PAYG
. -
Find the instance on the list of existing instances.
-
Click on the instance details.
-
Select Delete and confirm your selection.
-
You are returned to the list of instances. The one that was just deleted is no longer shown.
2. Instance credential collect status
SUSE Manager server uses credentails collected from the instance to connect to the RMT server and to download the packages using reposync. These credentials are refreshed every 10 minutes by taskomatic using the defined SSH connection data. Connection to RMT server always uses the last known authentication credentials collected from the PAYG instance.
The status of the PAYG instance credentials collect is shown in the column Status
or on the instance details page.
When the instance is not reachable, the credential update process will fail.
When the instance is unreachable, the credential update process will fail and the credentials will become invalid after the second failed refresh. Synchronization of channels will fail when the credentials are invalid. To avoid this keep the connected instances running.
PAYG instance remains connected to SUSE Manager server unless SSH connection data is explicitly deleted. To delete the SSH connection data to the instance, use Procedure: Deleting connection data to instance.
PAYG instance may not be accessible from the SUSE Manager server at all times.
-
If the instance exists, but is stopped, the last known credentials will be used to try to connect to the instance. How long the credentials remain valid depends on the cloud provider.
-
If the instance no longer exists, but is still registered with SUMA, its credentials are no longer valid and the authentication will fail. The error message is shown in the column Status.
The error message only indicates that the instance is not available. Further diagnostics about the status of the instance needs to be done on the cloud provider.
Any of the following actions or changes in the PAYG instance will lead to credentials failing:
* removing zypper credentials files
* removing the imported certificates
* removing cloud-specific entries from |
3. Registering PAYG system as a client
You can register a PAYG instance from where you harvest the credentials as a Salt client. The instance needs to have a valid cloud connection registered, otherwise it will not have access to channels. If the user removes the cloud packages, the credentials harvesting may stop working.
First set up the PAYG instance to collect authentication data, so it can synchronize the channels.
The rest of the process is the same as for any non-public-cloud client and consists of synchronizing channels, automatic bootstrap script creation, activation key creation and starting the registration.
For more about registering clients, see Client Registration.
4. Troubleshooting
- Checking the credentials
-
-
If the script fails to collect the credentials, it should provide a proper error message in the logs and in the Web UI.
-
If the credentials are not working,
reposync
should show the proper error.
-
- Using
registercloudguest
-
-
Refreshing or changing the
registercloudguest
connection to the public cloud update infrastructure should not interfere with the credentials usage. -
Running
`registercloudguest --clean
will cause problems if no new cloud connection is registered with the cloud guest command.
-